07-05-2017 10:27 AM - edited 03-08-2019 11:12 AM
Hello,
I'm using
ZZZ-L3#sh
The current template is "
I have two
So here is my setup:
LAN (VLAN1)--[ZZZ-L3]--trunk port--[YYY-L2]-- Vlan10
no
...
interface Vlan1
no
no
end
interface Vlan10
no
no
end
ZZZ-L3#sh access-lists 111
Extended IP access list 111
10 permit
20 deny
ZZZ-L33#sh
...
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 28 WS-C2960X-24TS-L 15.2(2)E6 C2960X-UNIVERSALK9-M
* 2 28 WS-C2960X-24TS-L 15.2(2)E6 C2960X-UNIVERSALK9-M
I can confirm that ACL works:
RDP from 192.168.1.50 to 192.168.10.50 works OK.
And if I ping 192.168.1.50 from 192.168.10.50, I receive "Request timed out."
However, I don't see any "%SEC-6-IPACCESSLOGDP: list 111 denied " in the log on the switch.
The other strange thing is that if I ping an IP that doesn't exist in subnet 192.168.10.x, for example 192.168.10.60:
First: I receive "Destination net
Second: Deny log message shows up in the log:
%SEC-6-IPACCESSLOGDP: list 111 denied icmp 192.168.1.50 -> 192.168.10.60 (8/0), 1 packet
One more thing: if I define a switch port in VLAN 10 on ZZZ-L3 and connect 192.168.10.50 directly to ZZZ-L3,
then "%SEC-6-IPACCESSLOGDP: list 111 denied" starts showing up.
Any idea about such strange behavior?
Thank you in advance,
Alex.
07-07-2017 04:37 AM
Julio,
Thank you for all your responses.
Unfortunately, "ip access-list logging interval" didn't help as well.
As I mentioned to Paul above, I'm going to either create a ticket with TAC or simply close the topic.
I was able to reproduce the same issue with the other stack I have.
So, probably an L3 stack of 2xC2960X was not the best idea.
C2960X with lan-based IOS in L3 mode is not widely used (especially in a stack), so maybe this is why this was not reported before.
And yes, let's call this "a feature" :).
Thks,
Alex.
07-07-2017 04:41 AM
Thank you Alex, please keep us posted about the resolution.
Have a good day.
07-06-2017 12:34 AM
Hello
Can you post - Show logging
res
Paul
07-06-2017 02:15 AM
Paul,
Please check the post about ACL 115.
Thks,
AleX